Acunetix v12 Web Vulnerability Scanner (WVS) Latest Build and Release

This is a frequently requested, continuously updated post: the latest information is at the top, with older entries below it. Instead of creating multiple posts on different dates, we combine everything into one post, which makes it easy to reference the build history and the features implemented across releases of the same edition. The post date will keep changing to reflect the latest changes; although the older portions of the content were posted previously, the date is updated to keep the post relevant for customers and for anyone who wants to access all the information in one place.

5-Dec-2018

Acunetix version 12 (Windows build 12.0.181203110, Linux build 12.0.181204095) has been released. This new build includes updates to DeepScan and Login Sequence Recorder (LSR). It also introduces support for Swagger and Kerberos HTTP Authentication in the Windows version and introduces support for NTLM HTTP Authentication in the Linux version. It also adds a good number of new vulnerability checks, including a huge update increasing the detection of stored XSS, and vulnerability checks in major products such as Apache Tomcat, CouchDB, Apache ActiveMQ, Node.js, Oracle WebLogic, nginx, and others. The new build also includes a good number of updates and fixes.

Unless otherwise stated, the new features / checks, updates and fixes are available for both Windows and Linux.

New features

DeepScan has been updated to make use of Chromium (Windows only – already included in Linux)

Login Sequence Recorder has been updated to make use of Chromium (Windows only – already included in Linux)

Acunetix can now test APIs documented using Swagger (Windows only – already included in Linux)

Introduced support for NTLM HTTP Authentication on Linux release (already included on Windows)

Added mock geo-location support to support scanning sites that require geo-location

Improved analysis of XML and JSON

Fixes

Fixed scanner crash when scan was resumed from paused state

Fixed some issues in the handling of cookies

Custom cookies were not always used

Content-Type header was not always being sent. This affected the detection of some vulnerabilities

Fixed a false positive in SSL weak key length vulnerability check

Fixed issue in the Social Security Number and Credit Card number check

Fixed issue with AcuSensor download on Linux release

Fixed issue causing scans to be aborted when server returns an invalid charset

Fixed a number of other issues causing the scanner to close unexpectedly

Fixed a few security issues discovered internally

Sensitive and Backup files were not being checked for in the site root

Fixed issue with jquery version extractor

Fixed 2 internally reported security issues

Fixed issue with re-installation of Linux installations

15-Nov-2018 Acunetix for Linux

Official release of Acunetix for Linux

Acunetix is one of the first commercial, automated web vulnerability scanners to be released for Linux as well as Windows, offering customers the choice to scan for vulnerabilities using Acunetix on their preferred Operating System.

Linux has been known to be reliable, cost effective and secure, and is the server operating system of choice for many large organisations including Facebook, Twitter and Google.

Benefits of Running Acunetix on Linux

Reliability and security: Linux is the operating system most often selected for servers that need close to 100% uptime. Using Linux increases the reliability needed for the thousands of operations required to scan a website.

Cost-effectiveness: Acunetix customers can run the scanner in their own private cloud on either Amazon AWS, Digital Ocean or Google Cloud, for example.

From now on, customers have the choice of deploying on Windows or Linux.

15-Oct-2018

Acunetix version 12 (build 12.0.181012141) has been released. This new build reports sites that do not implement Content Security Policy (CSP) or Subresource Integrity (SRI) and detects Node.js source disclosure, Ghostscript RCE, SSRF in Paperclip and other vulnerabilities. This new build has a good number of updates and some important fixes. Below is a full list of updates.

Fixed: Some vulnerabilities were incorrectly reported in the site root

Fixed issue in similar page detection causing scans to take longer than expected

Fixed issue causing valid sessions not to be identified correctly during the scan.

12-Sep-2018

Acunetix version 12 (build 12.0.180911134) has been released. This new build adds two new AcuMonitor checks, detection of Web Cache Poisoning, Apache Struts RCE, URL rewrite vulnerabilities and Drupal Core Open Redirect. This new build has a good number of updates and some important fixes. Below is a full list of updates.

Release Overview

Acunetix v12 (build 12.0.180821106) has been released. This new build adds checks for vulnerabilities in Liferay, Apache Shiro, RichFaces, Telerik and Tomcat. The new build also includes a number of updates and fixes. Below is a full list of updates.

Release Overview

This new build adds detection for vulnerabilities in Cisco ASA, Apache Tomcat, Atlassian Jira, Spring, JBoss and misconfigured nginx installations. The new build also includes HTTP Responses in the vulnerability alerts, re-introduces manual intervention in the Login Sequence Recorder, and includes a good number of additional updates and fixes.

Below is a full list of updates.

New Features

HTTP responses are now shown for vulnerabilities detected (only affects new scans)

Updates

Password is no longer required when configuring client certificate for a Target

Additional memory optimization

Scanner will now report when the LSR cannot login

Application Error Message vulnerability check updated to provide more details on the error

Reports, XML exports and WAF exports now use a more meaningful filename

Reports now show the status of a scan

Scan debug logs now include imported files

Increased maximum number of Issue Trackers that can be configured.

Fixes

Fixed multiple crashes while scanning

Scanner will now re-authenticate when website invalidates authentication during scan (applies to HTTP authentication only)

Fixed issue where the scanner sometimes failed to decode LSR output, leading to an unauthenticated scan

Fixed many issues causing vulnerabilities to be undetected or to be detected incorrectly

Two fixes affecting the setting of Cookies

Fixed issue in RSS parsing

Fields with certain characters in the name (such as $) were not being tested

Some out of scope paths were still being crawled

Fix in the Autologin

Upon upgrade, user is asked to “Logout from Other Session”: Fixed

Fixed Target and Vulnerabilities reports that were failing

Fixed recurrent scans for Standard licenses that were being disabled

Fixed issue where some reports were generated without a file extension.

25-Jun-2018

Acunetix v12 (build 12.0.180619111) has been released. This new build introduces new vulnerability checks for WordPress, Django, multiple Spring Framework and Atlassian products. Below is a full list of updates.

Fixes

Crash dump was sometimes not being created

14-Jun-2018

Acunetix v12 (build 12.0.180611183) has been released. This new build introduces new vulnerability checks for Oracle Weblogic, PHPUnit, Edge Side Include Injection and other vulnerabilities. The new build also includes a good number of updates and several important fixes. Acunetix Online has also been updated to reflect these updates. Below is a full list:

Upgrade to the latest build

If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page. If you have not yet installed or upgraded to Acunetix v12, you may download Acunetix version 12 from here. Use your current, still-valid Acunetix License Key to download and activate your product. Note that customers upgrading from a pre-v12 version to v12 need to follow the v12 target licensing model. Your previous pre-v12 unlimited licensing is discontinued, and once you upgrade you cannot downgrade.